Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ecosystem.
A single instance, recorded by Sonatype in July 2024, saw 281,512 distinct packages appearing on the npmjs.com registry overnight — each package named a gibberish Latin phrase akin to Lorem Ipsum.
The post Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight appeared first on Security Boulevard.